21 posts tagged with "authentication"

Webauthn and Passkeys with Keycloak

· 5 min read
Phase Two
Hosted Keycloak and Keycloak Support

Passwords are on their way out. From phishing to password reuse, they've become one of the weakest links in modern authentication. The solution? Passkeys—a phishing-resistant, user-friendly, and increasingly supported replacement for traditional passwords.

In this post, we’ll break down what passkeys are, how they work, which platforms support them, how they relate to WebAuthn, and how you can integrate them into your Keycloak authentication flows. Finally, we’ll explore some of the real-world considerations and challenges.

SAML, Simplified.

· 7 min read
Phase Two
Hosted Keycloak and Keycloak Support

SAML has a bit of a reputation. For many developers, it lives in that shadowy corner of the B2B internet where XML still rules and stack traces seem to go on forever. If you've ever had the misfortune of debugging a malformed <Assertion>, you know the pain. But here's the thing: it doesn't have to be a nightmare.

At Phase Two, we provide managed hosting and enterprise support for Keycloak, a leading open-source Identity and Access Management platform. And while OIDC has become the default for most modern applications, SAML is still alive and well—especially in enterprise environments.

This post is a gentle (and opinionated) introduction to what SAML is, how it works, and why it still matters, particularly if you're implementing SAML SSO in Keycloak.

Keycloak SAML Identity Provider (IdP) Initiated Flow with Okta

· 10 min read
Phase Two
Hosted Keycloak and Keycloak Support

IdP Initiated Flow

When implementing SAML for the establishment of an Identity Provider, two primary options are available:

  1. Service Provider (SP) initiated
  2. Identity Provider (IdP) initiated

The SP-initiated flow is widely recognized by users due to its straightforward configuration, which is merely the exchange of some metadata. In contrast, the IdP-initiated flow is less intuitive and involves an additional step that may not be readily apparent to many users. The purpose of this blog is to elucidate the steps necessary to successfully execute the IdP-initiated flow. We will set up a full example

A fundamental understanding of SAML 2.0 and Keycloak is required to effectively follow the provided instructions.

Securing Keycloak with OIDC SPA and Phase Two

· 6 min read
Phase Two
Hosted Keycloak and Keycloak Support

Our pal over at Keycloakify has been working on creating a simple OpenID Connect (OIDC) library called OIDC SPA. As with Joseph's usual approach to user friendliness, OIDC SPA simplifies a lot of the integration work that can come with adding an Authentication and Authorization layer to your application. Follow along as we show you how to integrate OIDC SPA with Phase Two's free Keycloak instance.

Keycloak vs. FrontEgg, an Open-Source Alternative

· 6 min read
Phase Two
Hosted Keycloak and Keycloak Support

Keycloak and Frontegg are two prominent solutions in the identity and access management (IAM) space, each serving distinct needs. Keycloak is an open-source IAM solution with over eight years of development, known for its scalability and deep customization options, allowing organizations full control over user identity management. On the other hand, Frontegg is a cloud-native platform designed for quick deployment and integration, specifically tailored for SaaS applications, offering a user-friendly management experience. In this blog post, we will compare Keycloak and Frontegg based on cost structure, deployment options, customization, scalability, functionality, and support.

Keycloak vs. PingIdentity, an Open-Source Alternative

· 5 min read
Phase Two
Hosted Keycloak and Keycloak Support

Exploring Keycloak as an alternative to PingIdentity for Authentication Solutions

In the evolving landscape of identity and access management (IAM), organizations face critical decisions regarding the tools that will best meet their needs. Keycloak and Ping Identity are two noteworthy solutions, each exhibiting unique features that cater to different organizational requirements. This blog provides a detailed comparison of open-source Keycloak and the commercial offering of Ping Identity across essential aspects of IAM solutions.

Securing Angular Apps with Keycloak

· One min read
Phase Two
Hosted Keycloak and Keycloak Support

In this article we'll be using Keycloak, the open-source IAM, to quickly secure an Angular application with user management and single sign-on (SSO) for Authentication and Authorization. We will demonstrate the integration by securing a page for logged-in users. This quickly provides a jump-off point to more complex integrations.

Keycloak vs. OneLogin, an Open-Source Alternative

· 5 min read
Phase Two
Hosted Keycloak and Keycloak Support

Exploring Keycloak as an alternative to OneLogin for Authentication Solutions

Keycloak and OneLogin (by One Identity) are both important players in the identity and access management (IAM) space, each catering to different organizational needs. Keycloak is an open-source solution with over eight years of active development, known for its scalability and customization. OneLogin, on the other hand, is a commercial product emphasizing user-friendly interfaces and extensive integration options. This article compares Keycloak and OneLogin based on cost, deployment, customization, scalability, functionality, integration, and support.

Keycloak vs. WorkOS, an Open-Source Alternative

· 7 min read
Phase Two
Hosted Keycloak and Keycloak Support

Exploring Keycloak as an Alternative to WorkOS for Authentication Solutions

Keycloak and WorkOS are both identity and access management (IAM) solutions that offer various features for authentication, authorization, and user management. While they serve similar purposes, there are key differences between the two platforms that make them unique and suitable for different use cases. Keycloak is an open-source platform under active development for over 8 years and known for its scalability and customization options. WorkOS is a closed-source platform that can quickly integrate SSO into an application. In this blog post, we'll explore the key differences between Keycloak and WorkOS, focusing on factors such as cost of ownership, scalability, deployments, and maintenance.

Phase Two Organizations now support shared Identity Providers (IdPs)

· One min read
Phase Two
Hosted Keycloak and Keycloak Support

An exciting new feature has been added to the Phase Two Organizations Extension! Organizations now support shared Identity Providers (IdPs) for mapping multiple organizations to a single IdP. This feature is especially useful for organizations that have multiple organizations that need to share the same IdP.